Network Manager is a Firewalla Gold / Purple only feature. It is used to configure WAN in Router Mode and also create network segments in both Router and Simple/DHCP Modes.
- Default Networks
- Network Manager
- Example: Segment Guest Network via VLAN
To configure any network functions, you will need to press the Edit button
Firewalla Gold has 4 Ethernet ports. Port 4 is the default WAN port in Router Mode, and the default port connecting to the router in Simple/DHCP Mode.
By default, there are two networks on Firewalla Gold:
- A WAN connection you configured during the initial setup, if Firewalla Gold is in Router Mode.
- A default Local Network (LAN) that bridges Ethernet Port 1, 2, 3. Devices can join Firewalla's default Local network by connecting directly to one of these ports using an ethernet cable, or to a wireless access point or wired switch that connects to these ports.
Ports 1,2,3,4 can be configured to have their own network space. They can also be configured as VLAN trunking ports.
Here is a guide on how to change the default port 4 used for WAN connection into other port.
Configure Networks - Network Manager
The Network Manager screen (Home -> Network) shows all the existing networks with their IP range, VLAN ID, and the ethernet ports they are using.
If you want to create your own network, tap Edit -> Create Network, then choose the network type.
During the initial setup, Firewalla will auto-detect the connection type of your network. You can either change it or create a new connection in Network Manager.
In simple mode/ DHCP mode, Firewalla is able to monitor the devices connected to the router through the WAN port.
Multi-WAN Connection: If you have more than one WAN connection, please find more details here: Firewalla Gold feature guide: Multi-WAN.
To create a WAN connection, you'd need to assign an ethernet port which connects to your ISP Device (a modem or router), a VLAN ID (if any), and a connection type.
A WAN connection can be one of 4 types:
- DHCP: Get the IP Address assigned by the modem/router automatically.
- Static IP: Manually assign an IP Address, Subnet Mask, Gateway, and DNS server for your connection. The static IP should be provided by your ISP. Otherwise, please make sure the IP Address is in the subnet of the router you are connected to.
If your ISP has provided you with multiple IP Addresses, find more details here.
- PPPoE: This requires an ISP-provided user name and password to connect to the Internet.
- Triple Play: Here is the specific guide on how to set up Triple Play VLAN on Gold. Choose this type only if it is required by your ISP.
In addition to the basic settings, there are a few options that may be required by your ISP in order to get internet access. We've added these advanced options so you can configure them accordingly when creating a WAN connection:
- Change / Clone MAC Address of Ethernet Ports
- DHCP Option 60 - Vendor class identifier
- IGMP Proxy
- MTU/MRU for PPPoE
- WAN DNS Servers
Note: Changing MAC address of Ethernet Port 4 requires Firewalla Box version 1.972 or later.
Local Network Configuration
To create a local network, you'll need to enter:
- A VLAN ID (If you are creating a virtual network)
- Ethernet port(s). If you select more than one port, they will be bridged automatically.
- Network settings. Firewalla fills the network settings for you. You can tap the blue "Smart Fill" button to generate a new one, or manually edit them as per your preference.
After the network is created, you can connect your devices to the ports with ethernet cables, or through a wireless access point or a router that has been set to Bridge Mode/ AP Mode.
Learn more on How to connect your devices
DNS Servers: Firewalla will automatically become the default upstream DNS for the entire LAN. So in this case, only Firewalla itself will use WAN configured DNS.
Search Domain: By default, Firewalla uses .lan for all local networks by default, you can set different search domains for different local networks as needed.
In order to provide better control of the NAT functionality in the Firewalla Gold. We have consolidated all NAT functions under Network -> NAT Settings. If you do not have advanced networks, there is no need to modify this.
Source NAT (default on):
If Source NAT is turned on, it means the local networks can access the Internet through the SNAT gateway. If you have multiple WANs, Source NAT now can be turned on/off on each WAN connection separately, but all WANs will be sharing the same list of source networks. [There is no need to configure this in most networks.]
Source NAT is turned on for all local networks by default, in addition, you can manually add source networks.
NAT Passthrough helps connections of different protocols including PPTP, L2TP, IPSEC, H323 (for video call), SIP (for VoIP) to pass through the router.
You can configure port forwarding on the WAN connection either manually or by UPnP. You can:
- Enable/Disable UPnP Globally
- Choose whether to automatically create an allow rule for open ports. The allow rule will be applied to the corresponding device.
- Block a port created by UPnP.
- Delete a manually created port forwarding.
Here is a tutorial on How to limit access on ports.
Select one device as a DMZ Host so that it can be accessed directly from the outside of your network. If Allow on Firewall is turned on, an allow rule will be created on the device to allow all traffic from the internet as well.
Multiple IP Addresses on WAN:
For those of you who are given multiple static IP addresses by your ISP, Firewalla supports configuring additional IP addresses on your WAN connection. By assigning multiple IPs on a single WAN, you can forward different ports to different IP addresses, and set DMZ host on any specific IP addresses.
Up to 5 additional IPs are supported on one WAN interface.